DPRK LNK malware using GitHub for command and control

April 2, 2026 | Threat Intelligence, Kimberly

Threat Intelligence and Fortinet-linked posts describe a DPRK-linked campaign using malicious LNK files and encoded PowerShell, with GitHub used as a command-and-control channel and scheduled tasks for persistence.

DPRK-linked campaign uses malicious LNK files, encoded PowerShell, and GitHub for C2.
Persistence via Scheduled Tasks and strong evasion tactics observed.
Fortinet Threat Research Blog | DPRK-Related Campaigns with LNK and GitHub C2